AEM Forms document security allows you to create, store, and apply predefined security settings to your documents. It ensures that only authorized users can use the documents. You can protect documents by using policies. A policy is a collection of information that includes security settings and a list of authorized users. You can apply a policy to one or more documents and authorize users who are added in AEM Forms JEE user management.

User data and data stores

Document security stores policies and data related to protected documents, including user data, in a database such as MySQL, Oracle, MS SQL Server, or IBM DB2. In addition, the data for authorized users in a policy is stored in user management. For information about data stored in user management, see Forms User Management | Handling user data.

The following table maps how document security organizes data in database tables.

| Database table | Description |
| --- | --- |
| EdcPrincipalKeyEntity | Stores information about principal keys for the users. The keys are used in offline document security workflows. |

Access and delete user data

You can access and export document security data for users in the databases, and if required, delete it permanently.

To export or delete user data from a database, you need to connect to the database using a database client and find out the principal ID based on some personally identifiable information of the user. For example, to retrieve the principal ID of a user using a login ID, run the following select command on the database.

In the select command, replace <user_login_id> with the login ID of the user whose principal ID you want to retrieve from the EdcPrincipalUserEntity database table.

Once you know the principal ID, you can export or delete the user data.

Export user data

Run the following database commands to export user data for a principal ID from database tables. In the select command, replace <principal_id> with the principal ID of the user whose data you want to export.

Note:

The following commands use the database table names found in MySQL and IBM DB2 databases. When running these commands on Oracle and MS SQL databases, replace EdcPolicySetPrincipalEntity with EdcPolicySetPrincipalEnt in the commands.

Delete user data

Do the following to delete document security data for a principal ID from database tables.

Shut down the AEM Forms server.

Run the following database commands to delete data for the principal ID from the document security database tables. In the delete command, replace <principal_id> with the principal ID of the user whose data you want to delete.